
How to prevent my site page from being loaded into other website iframe?

We have many gaming websites. Among them, I am hosting exclusive games on my server, and I don't want to give other websites access to my games from my server. I want to restrict them from accessing my content on my server.

For example, assume I have a website called www.abc.com, with a source path like www.abc.com/games/abcgame.swf where I have hosted my exclusive games. I don't want other website owners to access this content. If they steal this URL and try to access it, I want to show some custom message like “Game not found” or something like “Please visit www.abc.com to play this game.” etc.

Does anyone have any ideas for implementing this feature?

asked Sep 14 '13 09:09

Chandu


People also ask

How do you prevent a website from being loaded in an iframe?

Sending an X-Frame-Options HTTP response header that instructs the browser to disable framing from other domains.

How do I restrict iFrames?

It's called the sandbox attribute. Just adding the sandbox attribute is enough to severely lock down an iframe. With this attribute set, the document inside the iframe cannot do any of the following: Run any JavaScript, even if it would only affect contents of the iframe.

Can I hide content inside an iframe from an external domain?

Yes totally doable. Once you assign the parameter to a var, you could then do anything you want… like a hide() on an element.

Why you shouldn't use an iframe?

If you create an iframe, your site becomes vulnerable to cross-site attacks. You may get a submittable malicious web form, phishing your users' personal data. A malicious user can run a plug-in. A malicious user can change the source site URL.


2 Answers

A first solution is to use the X-Frame-Options header to prevent your page from being loaded into an iframe. X-Frame-Options can specify one of two values: SAMEORIGIN, which only allows iframes from the same origin to display this content, and deny, which prevents any iframe from doing so. BUT this header is not part of the HTTP specification and was introduced by Microsoft, so not all browsers support this header. An example of X-Frame-Options:

X-Frame-Options: SAMEORIGIN

In case some old browsers don't support the X-Frame-Options header, you could try a technique called FrameKiller. There are limitations, though, as pointed out in that link.

The user agent does not support JavaScript.

The user agent supports JavaScript but the user has turned support off.

The user agent's JavaScript support is flawed or partially implemented.

The idea is to use JavaScript to detect whether your page is loaded into an iframe. There are many ways to implement a frame killer script.

For your requirement, you could implement a frame killer script like this: try to access your parent window to read the window.location. If they include your page inside their iframe, the code would throw an exception (cross-domain).

Example code:

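window.onload = function () {
    try {
        // Reading the parent's location throws a cross-origin exception
        // when this page is framed by a page from another origin.
        if (window.parent && window.parent.location.hostname !== "www.abc.com") {
            throw new Error();
        }
    } catch (e) {
        alert("Please visit www.abc.com to play this game.");
        // You could do whatever you want here
    }
};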

answered Nov 14 '22 22:11

Khanh TO
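
The header approach from the answer above, sketched server-side as an added example that is not part of the original answers. It also sends the CSP `frame-ancestors` directive, the standardized counterpart of X-Frame-Options; the function names and the partner origin are hypothetical, and the handler uses the `(req, res)` shape of Node's `http.createServer`.

```javascript
// Added example, not code from the answers. Names are hypothetical.

// Build the response headers that tell browsers who may frame a page.
// policy: "deny" | "sameorigin" | non-empty array of extra origins.
function antiFramingHeaders(policy) {
  if (policy === "deny") {
    return {
      "X-Frame-Options": "DENY",
      "Content-Security-Policy": "frame-ancestors 'none'",
    };
  }
  if (policy === "sameorigin") {
    return {
      "X-Frame-Options": "SAMEORIGIN",
      "Content-Security-Policy": "frame-ancestors 'self'",
    };
  }
  if (Array.isArray(policy) && policy.length > 0) {
    // X-Frame-Options has no widely supported allowlist value,
    // so an allowlist is expressed with CSP only.
    const origins = policy.map((o) => {
      const u = new URL(o); // throws on malformed input
      // Accept only a bare https origin: no path, spaces or extra tokens
      // that could smuggle additional directives into the header.
      if (u.protocol !== "https:" || u.origin !== o) {
        throw new Error("not a bare https origin: " + o);
      }
      return u.origin;
    });
    return {
      "Content-Security-Policy": "frame-ancestors 'self' " + origins.join(" "),
    };
  }
  throw new Error("unknown framing policy");
}

// Request handler for the game page: usable as http.createServer(handleGamePage).
function handleGamePage(req, res) {
  const headers = antiFramingHeaders("sameorigin");
  for (const [name, value] of Object.entries(headers)) {
    res.setHeader(name, value);
  }
  res.setHeader("Content-Type", "text/html; charset=utf-8");
  res.end("<!doctype html><title>abcgame</title><p>Game page</p>");
}
```
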


if (window.top != window.self) {
    window.top.location = window.self.location;
}

It first checks whether the topmost frame is the frame itself; if it is not, it changes the top-level frame to this one. It is JavaScript.

answered Nov 14 '22 23:11

Vatsal